Ask the Expert: Blockchain FAQ

12 Apr 2018


Is blockchain software secure? This question is likely the first thing an IT professional will ask. Many news articles have publicized “hacks” in which thieves made off with millions in Bitcoin and other digital currency. The recent Coincheck heist and the famous Mt. Gox hack are classic examples. However, the belief that blockchain itself has security vulnerabilities is a common misconception: these breaches are almost exclusively failures in enterprise IT security practices rather than flaws in blockchain software. Generally, blockchain software is nearly hack-proof due to strong encryption; the only way to hack it is to guess the private key through trial and error. Even if a hacker uses the world’s fastest supercomputer, it would still take them millions of years to guess the correct key. But if the hacker can obtain the private key because of lax enterprise data protection, all bets are off. The weak point in blockchain is not the software itself, but the IT security practices and systems architecture of the organizations that use it. If the private keys to blockchain software are stored on an unsecured hard drive or lost by a careless employee, the system is vulnerable. Even an invincible security system can be defeated when cybercriminals possess the keys to enter through the front door.

What information gets stored on the blockchain? The information that gets stored on a blockchain depends on how the particular blockchain software solution is designed. Blockchain technology is malleable and can be designed to suit the various information needs of enterprise users in different industries. The chosen framework and validation algorithm set the rules for what information gets stored on the blockchain and how it is accessed and managed, including who has permission to create or edit information. For example, blockchain software for managing workflow might permit a team of multiple individuals to collaborate on a work-in-progress document, with each incremental change being added as a new block on the chain, including information about who made which edit and when. Alternatively, a system designed to function as a storage repository for records that are finalized and no longer subject to change could be built so that only an administrator can add new blocks containing records.

How does information disposition work on blockchain? Because blockchain technology is designed to make information permanent and immutable, deleting data is more difficult than storing it. This problem is one of the key information management challenges facing blockchain software. There are a couple of different ways that this might be resolved. The first method might be to render the data unreadable by deleting the decryption key that allows users to read encrypted blockchain data in a legible form, a process called “burning.” The data is still there, but it is “deleted” in the sense that no one can ever read it again. The drawback to this is that no storage space is freed up for new data. Another way might be to use a “side-chain” for each individual record that links up to the primary blockchain at different points. Here, the side-chain can still benefit from the evidentiary properties of the main blockchain but can be deleted without destroying the continuity of the main blockchain. Once the side-chain is deleted, all that will remain are the reference points that were included on the primary chain. While both of these solutions have merit, the best approach remains unclear at this time.
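
The “burning” approach described above can be sketched as follows. This is an added example, not code from the original post or from any blockchain product; the `Ledger` class, its `burn` method and the record names are hypothetical, and the HMAC-based keystream is a stand-in for a real authenticated cipher such as AES-GCM.

```python
import hashlib, hmac, json, os

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode; same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def block_hash(block: dict) -> str:
    body = {k: block[k] for k in ("record_id", "nonce", "ciphertext", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Append-only chain: each block holds ciphertext plus the previous block's hash."""
    def __init__(self):
        self.blocks = []  # on-chain data, never modified or removed
        self.keys = {}    # off-chain key store: record_id -> per-record key

    def append(self, record_id: str, plaintext: bytes) -> None:
        key, nonce = os.urandom(32), os.urandom(16)
        block = {"record_id": record_id, "nonce": nonce.hex(),
                 "ciphertext": _keystream_xor(key, nonce, plaintext).hex(),
                 "prev": self.blocks[-1]["hash"] if self.blocks else "0" * 64}
        block["hash"] = block_hash(block)
        self.blocks.append(block)
        self.keys[record_id] = key

    def read(self, record_id: str):
        key = self.keys.get(record_id)
        if key is None:
            return None  # key burned: the ciphertext is still on-chain but unreadable
        b = next(b for b in self.blocks if b["record_id"] == record_id)
        return _keystream_xor(key, bytes.fromhex(b["nonce"]), bytes.fromhex(b["ciphertext"]))

    def burn(self, record_id: str) -> None:
        self.keys.pop(record_id, None)  # disposition destroys the key, not the block

    def verify(self) -> bool:
        prevs = ["0" * 64] + [b["hash"] for b in self.blocks]
        return all(b["prev"] == p and b["hash"] == block_hash(b) for b, p in zip(self.blocks, prevs))

def demo():
    ledger = Ledger()
    ledger.append("rec-1", b"constructed sample record A")
    ledger.append("rec-2", b"constructed sample record B")
    ledger.burn("rec-1")
    return ledger.read("rec-1"), ledger.read("rec-2"), ledger.verify(), len(ledger.blocks)
```

After `burn`, the chain still verifies and still holds both blocks, which is the drawback noted above: the record is unreadable but its storage is not reclaimed.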

Which industries will use blockchain to manage data? All industries can benefit from the improvements in data integrity, reliability, and security that blockchain offers. However, some may benefit more than others. Healthcare, financial services, and shipping are all natural fits for blockchain technology because their operations rely on processing and verifying large quantities of records and information. Financial institutions need to exchange confirmations and reconciliations before making deposited funds available, which takes time and costs money. By allowing two banks to share information that they can both rely on, blockchain can save time and eliminate a lot of this inefficient administrative activity and paperwork. In healthcare, medical records can be instantly shared among healthcare providers and protected so that only patients or their doctors can view them or make changes. Shipping companies can track the status of containers in real time with fewer sign-offs and misplaced packages. In any industry where the availability of accurate and trustworthy information is important, blockchain might offer considerable improvements in operational efficiencies and generate value.

Will blockchain make information public? Privacy is a critical concern for enterprises. For a distributed public ledger like Bitcoin, anyone can read the blockchain to know who sent money to whom, but each person is semi-anonymous because all that’s visible is your wallet address. However, once someone makes the connection between a wallet address and a person’s name, all of those transactions can be tied to that person. If your organization uses more sophisticated public blockchain software like Ethereum that stores software or data, your files may be visible to the public. In most cases, though, those files are protected by the same strong encryption technology to prevent them from being read by an unauthorized person. Private blockchains offer the greatest privacy from the prying eyes of the public, but because of the “network effect,” this will likely require giving up some of the features and benefits of public blockchains. In particular, most private blockchains currently being developed are owned by large banking and technology corporations for their internal use, not for licensing to small enterprise users. Currently, the two main options are to either use a public blockchain ledger or hire programmers to design your own internal system.

Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.